Updated on 2025-08-15 GMT+08:00

ThirdAuthContent

Table 1 ThirdAuthContent

Parameter

Mandatory

Type

Description

auth_request

No

PluginThirdAuthRequest object

Authentication API information.

identities

No

PluginThirdAuthIdentities object

User identity authentication information.

carry_body

No

PluginThirdAuthCarryBody object

Whether to allow the API request body for third-party authentication.

carry_path_enabled

No

Boolean

Whether to allow original request path.

return_resp_body_enabled

No

Boolean

Whether to return response.

carry_resp_header

No

Array of strings

Allowed response header. (If third-party authentication is successful, this header will be obtained from the response header of the authentication API and then transparently transmitted to the backend. A maximum of 10 parameters are allowed. The parameter length is from 1 to 64 characters.)

simple_auth_mode_enabled

No

Boolean

Simple authentication. (Status codes starting with "2" indicate the authentication is successful.)

match_auth

No

PluginThirdAuthMatchAuth object

Authentication result matching.

rule_enabled

No

Boolean

Whether to enable the blacklist/whitelist function. (APIs verified by the blacklist/whitelist will not be authenticated with the authentication API.)

rule_type

No

String

Blacklist/Whitelist type. This parameter is mandatory when the blacklist/whitelist function is enabled.

parameters

No

Array of PluginThirdAuthParameters objects

Blacklist/Whitelist rule parameters.

rules

No

Array of PluginThirdAuthRule objects

Blacklist/Whitelist parameter verification rules. A maximum of 100 rules are allowed.

custom_forbid_limit

No

Integer

Anti-brute force cracking threshold. (If the number of authentication attempts within 5 minutes exceeds this threshold, requests will be blocked and the authentication will fail until the next 5-minute window starts.)

auth_downgrade_enabled

No

Boolean

Relaxed mode. (The gateway receives requests from clients even if the authentication service cannot be connected or returns an error code starting with "5".)

Table 2 PluginThirdAuthRequest

Parameter

Mandatory

Type

Description

method

Yes

String

Authentication API request method.

protocol

Yes

String

Authentication API request protocol (HTTP not recommended).

url_domain

No

String

Authentication API address. This parameter is mandatory when no load balance channel is used. Use an IP address or a domain name, with up to 255 characters.

timeout

No

Integer

Authentication API timeout in seconds. Range: 1 ms to 60,000 ms. Default: 5,000 ms.

path

Yes

String

Authentication API path. Start with a slash (/) and use letters, digits, underscores (_), and hyphens (-). The path can contain query strings.

vpc_channel_enabled

Yes

Boolean

Whether to use a load balance channel. true: yes; false: no.

vpc_channel_info

No

PluginThirdAuthVpcChannelInfo object

Load balance channel information.

Table 3 PluginThirdAuthVpcChannelInfo

Parameter

Mandatory

Type

Description

vpc_id

Yes

String

Load balance channel ID.

vpc_proxy_host

No

String

Custom host header, a domain name that contains 1 to 254 characters, including letters, digits, periods (.), colons, and hyphens (-).

Table 4 PluginThirdAuthIdentities

Parameter

Mandatory

Type

Description

headers

No

Array of PluginThirdAuthIdentity objects

Request headers. A maximum of 10 request headers are allowed.

queries

No

Array of PluginThirdAuthIdentity objects

Query strings. A maximum of 10 query strings are allowed.

Table 5 PluginThirdAuthIdentity

Parameter

Mandatory

Type

Description

name

Yes

String

Start with a letter, and use letters, digits, periods (.), underscores (_), and hyphens (-). (1 to 32 characters)

Table 6 PluginThirdAuthCarryBody

Parameter

Mandatory

Type

Description

enabled

Yes

Boolean

true: yes; false: no.

max_body_size

No

Integer

Maximum number of bytes that are allowed. It cannot exceed the maximum body size allowed in a request.

Table 7 PluginThirdAuthMatchAuth

Parameter

Mandatory

Type

Description

key

Yes

String

Key in the authentication response header. (1 to 64 characters)

value

Yes

String

Value in the authentication response header. (1 to 512 characters)

Table 8 PluginThirdAuthParameters

Parameter

Mandatory

Type

Description

type

Yes

String

Parameter type. Options:

  • header: the value of the first HTTP header with the parameter name you set.
  • query: the value of the first query string with the parameter name you set.
  • path: complete HTTP request path.
  • method: HTTP request method.
  • system: system parameter.

name

Yes

String

Parameter name. Set path to reqPath, method to method, header and query to the header and query parameter key, and system to any of [sourceIp,stage,apiId,appId,requestId,serverAddr,serverName,handleTime,providerAppId,apiName,appName,authorizer.frotend.××,authorizer.backend.××].

value

Yes

String

Parameter source value.

Table 9 PluginThirdAuthRule

Parameter

Mandatory

Type

Description

rule_name

Yes

String

Name of a parameter verification rule. The name must start with a letter or digit, followed by letters, digits, colons (:), periods (.), underscores (_), parentheses (()), and slashes (/). It cannot start or end with a space. (2 to 254 characters)

match_regex

Yes

String

Parameter verification rule. A rule is indicated by [] and consists of a parameter name, matching rule (== (equal to), ~= (not equal to), in (enumerated value), ~~ (regular expression)), and matching value. Square brackets can be nested in [] and connected by OR or AND at the same level. The following example indicates that the verification is passed if the Host parameter in the header matches the regular expression ^f0269b2874ef0b65bee1f314e52aa.*$, or the request path is /a, /b, /returnRequest, or /d.